openharmony_ci
5c7b8355bd
code refine Created-by: wangyongzhong2 Commit-by: wangyongzhong2 Merged-by: openharmony_ci Description: ### 一、内容说明(相关的Issue) https://gitcode.com/openharmony/security_dataclassification/issues/164 ### 二、建议测试周期和提测地址 建议测试完成时间:xxxx.xx.xx 投产上线时间:xxxx.xx.xx 提测地址:CI环境/压测环境 测试账号: ### 三、变更内容 * 3.1 关联PR列表 * 3.2 数据库和部署说明 1. 常规更新 2. 重启unicorn 3. 重启sidekiq 4. 迁移任务:是否有迁移任务,没有写 "无" 5. rake脚本:`bundle exec xxx RAILS_ENV = production`;没有写 "无" * 3.4 其他技术优化内容(做了什么,变更了什么) - 重构了 xxxx 代码 - xxxx 算法优化 * 3.5 废弃通知(什么字段、方法弃用?) * 3.6 后向不兼容变更(是否有无法向后兼容的变更?) ### 四、研发自测点(自测哪些?冒烟用例全部自测?) 自测测试结论: ### 五、测试关注点(需要提醒QA重点关注的、可能会忽略的地方) 检查点: | 需求名称 | 是否影响xx公共模块 | 是否需要xx功能 | 需求升级是否依赖其他子产品 | |------|------------|----------|---------------| | xxx | 否 | 需要 | 不需要 | | | | | | 接口测试: 性能测试: 并发测试: 其他: See merge request: openharmony/security_dataclassification!123
Data Transfer Management
Introduction
In OpenHarmony, the data transfer management module provides cross-device data transfer management and control policies for distributed services. The data transfer management module defines a sef of APIs to provide management and control policies for cross-device data transmission and obtain the highest risk level of data to be sent to the peer device.
The figure below illustrates the deployment logic of the data transfer management module.
-
Distributed service: provides distributed data management capabilities, including the distributed file system and distributed data management.
-
Data transfer management module: provides management and control policies for cross-device data transmission and obtains the highest risk level of data to be sent to the peer device.
-
Device security level management module: provides device security level information for data transfer management and control.
Before data is transferred, the distributed service checks whether the security level of the peer device supports the risk level of the data to be transferred. The table below lists the mappings between the device security levels and data risk levels.
Table 1 Mappings between data risk levels and device security levels
| Device Security Level | SL5 | SL4 | SL3 | SL2 | SL1 |
|---|---|---|---|---|---|
| Data Risk Level | S0 to S4 | S0 to S4 | S0 to S3 | S0 to S2 | S0 to S1 |
The distributed service blocks data transmission based on the data risk level returned by the data transfer management module. Before data transmission is denied, a dialog box can be displayed to ask for user's permission. Data can be transferred if the user allows. The device vendors can implement the authorization mechanism.
Directory Structure
/base/security/dataclassification
├── frameworks # Framework code
│ └── datatransmitmgr # Code of basic functions
└── interfaces # APIs
── innerkits # Internal APIs
└── datatransmitmgr # Code of internal APIs
Available APIs
Table 2 APIs of the data transfer management module
| API | Description |
|---|---|
| int32_t DATASL_GetHighestSecLevel(DEVSLQueryParams *queryParams, uint32_t *levelInfo); | Obtains the data risk levels supported by the device. |
| int32_t DATASL_GetHighestSecLevelAsync(DEVSLQueryParams *queryParams, HigestSecInfoCallback *callback); | Asynchronously obtains the data risk levels supported by the device. |
| int32_t DATASL_OnStart(void); | Starts initialization. |
| void DATASL_OnStop(void); | Stops initialization. |
Repositories Involved
Security subsystem
base/security/dataclassification